private bool ValidateNtAuthStore(X509Chain chain)
{
if (this.options.ValidationMethod != ClientCertificateValidationMethod.NtAuthStore)
{
return(true);
}
this.logger.LogTrace("Attempting to validate certificate against the NTAuth store");
Crypt32.CERT_CHAIN_POLICY_STATUS status = new Crypt32.CERT_CHAIN_POLICY_STATUS();
var para = new Crypt32.CERT_CHAIN_POLICY_PARA
{
cbSize = (uint)Marshal.SizeOf <Crypt32.CERT_CHAIN_POLICY_PARA>()
};
if (!Crypt32.CertVerifyCertificateChainPolicy(6, chain.ChainContext, para, ref status))
{
throw new CertificateValidationException("The function used to validate the certificate chain failed", new Win32Exception(Marshal.GetLastWin32Error()));
}
if (status.dwError != 0)
{
throw new CertificateValidationException("The certificate could not be validated against the NTAuth store. Ensure the issuer is from a trusted enterprise smart-card issuing CA", new Win32Exception((int)status.dwError));
}
this.logger.LogTrace("Certificate successfully validated against the NTAuth store");
return(true);
}